Share your best battle stories or start a LogPoint related discussion with your peers
Join us on the next Customer Success Roundtable session on August 24 3PM CET and share your ideas and feedback directly with the VP of Customer Success on how to improve LogPoint products and services. To register, simply send an email to email@example.com
Customer Success Roundtable and LogPoint Cyber Professionals Panel – sign up for the newsletter today for the registration details!
We will soon be sending out our new Customer Success Newsletter. If you are not already receiving newsletters from LogPoint, sign up here: https://go.logpoint.com/customernewsletter-signup

This issue will contain information about our new Customer Success Roundtable sessions, LogPoint's Cyber Professionals Panel, as well as Fighting the Ransomware war, Machine Learning, UEBA, Sizing Calculator and new integrations.

Regards,
Brian Hansen
VP, Customer Success
Attackers are using OneNote files to infiltrate systems by embedding malicious payloads, with OneNote becoming a popular option after macros were disabled. The attack is not new, with techniques ranging from phishing to sharing OneNote files, and payloads including RATs and information stealers. To detect and respond to these attacks, it is recommended to check strings of .one files, monitor OneNote's child process executions, and check for suspicious use of built-in Windows binaries. Windows and 7-Zip have fixed bugs that allowed malicious file formats to bypass security warnings. The report explores how this attack works and its potential longevity.

https://www.logpoint.com/en/blog/onenote-malicious-attachment-as-initial-vector/
Hi All,

We are excited to share our latest blog on ESXiArgs Ransomware by Logpoint Security Researcher, Bibek Thapa Magar.

VMware ESXi hypervisor allows organizations to host multiple virtual systems on a single physical server. A global ransomware campaign named "ESXiArgs" is targeting VMware ESXi servers and exploiting a two-year-old vulnerability (CVE-2021-21974). The involvement of other CVEs has been speculated. In October 2022, a custom Python backdoor was detected on a VMware ESXi server, which could run remote commands or launch a reverse shell. This backdoor may have a role in the infection routine.

Get research and analysis, insight, plus hints and tips on how to mitigate ESXiArgs in the main blog below.

https://www.logpoint.com/en/blog/esxiargs-ransomware/
Hi All,

We are excited to share our latest blog by Logpoint Security Researcher, Nilaa Maharjan.

In this piece, you can read about the zero-day vulnerability Fortinet disclosed in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs.

Get research and analysis, insight, plus hints and tips on how to mitigate BOLDMOVE with Logpoint in the blog below.

Link: https://www.logpoint.com/en/blog/boldmove-exploiting-fortinet-systems/
We recently updated our Idea Portal to bring even more privacy and freedom in sharing ideas. For example, it no longer shows the names of the users who voted for an idea, or even the names of the users commenting on it. That should help to preserve anonymity even when ideas are created from a support ticket.

Our team plans to continue improving the experience of all "ecosystem" resources like the Idea Portal, Service Desk and so on, so we appreciate any feedback from the community about this change, or any other potential changes. Please feel free to comment there, or by any other channel.

NB: a limited set of Logpoint employees (product managers with sufficient permissions) can still see the names of commentators in the back office of the Idea Portal, to enable a direct dialogue on any specific feature scenario to be discussed outside the Idea Portal.
Is there a method, or can there be a method, where you can set your user accounts in LogPoint as standard accounts, and when someone needs to complete an administrative task a ticket/token can be raised with a time frame limit, where a manager/third person can either approve or reject the request to escalate the user account from standard to admin? This would be for account tracking and better account visibility, just as in the Microsoft 365 security or MDE security portal.
Hello, I have some minor questions regarding LP "policies" regarding security vulnerabilities: Will LogPoint 6 still receive patches to fix security vulnerabilities? E.g. LP 7.0.1 fixes the polkit vulnerability. As polkit was discovered AFTER the latest patch for LP 6 (6.12.02), there is a good chance LP6 is affected by it too, but there is no patch available and I didn't find any information that LP 6.12.02 is NOT affected by this vulnerability. I am currently not keen to upgrade my LP installations from 6.12.2 to LP 7, but there have been some vulnerabilities for Linux recently (Log4Shell, polkit, dirty pipe, now zlib) with a good chance of LP being affected by them. If LP6 will not receive patches anymore, I would have to update (fast). Generally speaking, is there any documentation on how long the different LP versions are supported? Also, is there a website, newsletter etc. to get a quick overview or (even better) automatic notification when a new LP patches \ software update
Hi folks, just a quick one.

I noticed on the Layout Templates section of the Reports tab that you can import a template. However, it doesn't look like you can actually export a template. So, my question is: what kind of template do you import? Is there a specific file format or report schema that needs to be used, or does that option just not do anything at the moment?

I did look on this page but there didn't seem to be an explanation there either.
We still have a few spots available for our exclusive customer open hour sessions with LogPoint experts from our engineering, customer success, support, and global services teams.

You might have questions like: How do I activate SOAR on top of my SIEM V7.0? How do I create a Trigger? Do I need to pay to activate my SOAR? Or something completely different. We are here to help you.

The Open Hour sessions are:
March 1st 11:00 CET
March 3rd 14:00 CET

Upgrading to LogPoint 7 is free. Visit the LogPoint Help Center to download LogPoint 7. We look forward to answering your questions and supporting your experiences with LogPoint SIEM+SOAR.
Are you using LogPoint 7 but have questions about SIEM or SOAR? For a short period we are offering exclusive customer open hour sessions with LogPoint experts from our engineering, customer success, support, and global services teams.

You might have questions like: How do I activate SOAR on top of my SIEM V7.0? How do I create a Trigger? Do I need to pay to activate my SOAR? Or something completely different. We are here to help you.

The Open Hour sessions are:
Feb. 22nd 15:00 CET
Feb 24th 13:00 CET
March 1st 11:00 CET
March 3rd 14:00 CET

Upgrading to LogPoint 7 is free. Visit the LogPoint Help Center to download LogPoint 7. We look forward to answering your questions and supporting your experiences with LogPoint SIEM+SOAR.
Expect prolonged response time from Support due to faults in internet submarine cable supply in the Indian Ocean.
Dear All,

We have been informed that there's a problem with the under-sea cables between India and Europe, resulting in connectivity issues. While work is underway to fully restore internet services at the earliest, we are asking for your patience while we are doing our utmost best to ensure that your tickets are all resolved as fast as possible.

In the meantime, we encourage you to use this community for instant help on non-critical issues.
Dear LogPoint Partner and Customer,

Recently, a critical remote code execution vulnerability in Apache log4j (CVE-2021-44228) was discovered, affecting versions 2.0-2.14.1.

Vulnerability status of LogPoint products

At this time, we have determined that no LogPoint products are affected by the vulnerability. For detailed information about the vulnerability status of each LogPoint product, please consult the table below. If you have any questions about the vulnerability, please contact LogPoint Support or LogPoint Community.

Details of vulnerability by LogPoint product

Product | Vulnerable? | Reason
LogPoint 6.12.2 | Not affected | Log4J v 1.2 used
Previous LogPoint versions | Not affected | Previous versions used
UEBA | Not affected | Log4J v 1.x used
LogPoint Agent | Not applicable | Not used
Director Console | Not affected | Log4J v 1.2 used
Director Fabric | Not a
Hello LogPoint Support / LogPoint Community,

Regarding the news about the log4j 2 CVE-2021-44228, I've been wondering whether log4j version 2 is in use in the LogPoint Core SIEM or other parts of your product suite. Could you please evaluate this and inform us partners and customers about the probable impact of this CVE?

Thanks so much in advance,
Tobias Weidemann
Join us on the next Customer Success Roundtable session on October 21 3PM-4PM CET and share your ideas and feedback directly with the VP of Customer Success on how to improve LogPoint products and services. To register, simply send an email to firstname.lastname@example.org
We are now launching the LogPoint Ideas portal and would like you to join. Simply click the link below and log in with your existing support credentials; easy as that, you are now ready to submit and upvote feature requests. Alternatively, you can always access the Idea Portal from the Community, just go to: homepage → upper right corner → click Idea Portal

Join here: https://logpoint.ideas.aha.io/
Hello everyone,

I just wanted to direct your attention to a roundtable that we have coming up with Jon Eglisson, our Engineering Manager for UEBA in the CTO office. So if there's anything you always wanted to know about LogPoint's UEBA solution, this should be an interesting one to attend!

You can find the signup link here:
Cobalt Strike, first released in 2012, is a commercial adversary simulation tool and is popular among red teams, pen-testers, and threat actors alike. In essence, Cobalt Strike is a modularized post-exploitation framework that uses covert channels to simulate a threat actor in the organization's network.

Cobalt Strike's popularity is mainly due to its beacons being stealthy, stable, and highly customizable. The beacons are stealthy due to in-memory execution via reflection into the memory of a process without affecting the file system. Cobalt Strike's post-exploitation suite includes support for keylogging, command execution, credential dumping, file transfer, port scanning, and more, making the adversary's job easier. Malleable C2 is another beloved feature of Cobalt Strike that allows attackers to change how its beacons look and mimic other legitimate traffic to stay under the radar.

Though the vendor screens the distribution of licenses to security professionals, adversaries were abl
Once again, a big thank you from all of us for joining LogPoint's ThinkIn 2021!

We have collected all of the great keynotes, presentations, and breakout sessions for you to revisit: ThinkIn 2021 recordings

If you haven't already provided your feedback on ThinkIn 2021, we would very much appreciate a few minutes of your time: Take the ThinkIn 2021 survey

See you for ThinkIn 2022…
A big thank you from all of us for joining LogPoint's ThinkIn 2021! As we're always striving to improve and make the next edition of ThinkIn even better, we would very much appreciate your feedback on ThinkIn 2021. Please take a few minutes to share your impressions here in the comments section or Take the ThinkIn 2021 survey

If you want to revisit ThinkIn 2021, you can find live recordings of the main tracks for the two days here:
ThinkIn 2021 – Day 1
ThinkIn 2021 – Day 2

Stay tuned for recordings of individual keynotes, presentations, and breakout sessions.
Hi, I will need to open a support ticket with LP in the near future as the /opt folder does not have enough free space anymore, which prevents the 6.11 updates from being applied.

According to the LP documentation, the following fw rules have to be configured to successfully create a support connection:
reverse.logpoint.dk - 1193/UDP
customer.logpoint.com - 443/TCP

My first question: Are these rules still correct? reverse.logpoint.dk does not seem to exist anymore. Adding these rules to our firewall would not allow our LogPoint to retrieve a support IP.

Second question: I guess that 443/TCP is needed to send some HTTPS traffic back to Logpoint. However, all HTTPS traffic in our network is routed through a forward proxy, and I would like to avoid making an exception for our LPs if it is avoidable. But I can not find any setting in the web GUI allowing me to configure an HTTP proxy on the LogPoint. Is it possible to configure a system-wide HTTP proxy via the web GUI or the command line? Please
Wouldn't it be more handy to get a list created automatically when a process toList command is used in an LP query, just like the T-SQL query below which creates a DB table automatically, rather than manually creating a dynamic list every time?

    SELECT column1, column2, column3, ...
    INTO newtable [IN externaldb]
    FROM oldtable
    WHERE condition;